jetson-download-bsp
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime path: the skill fetches release lists and artifact pages from the public web (e.g.,
https://developer.nvidia.com/embedded/jetson-linux-archiveand linked release pages) and then uses the fetched page text/links to drive decisions, which is outsider-authored free text.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill performs runtime WebFetches of the NVIDIA Jetson Linux archive (https://developer.nvidia.com/embedded/jetson-linux-archive) and linked release/docs pages (e.g., https://docs.nvidia.com/jetson/archives/r/), and the fetched page content is used at runtime to populate release-selection prompts and to locate artifact URLs, so the external content directly controls agent prompts and required behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata